Our idea is to accept users despite they have entered invalid credentials when trying to logging on Wi-Fi networks. We plan to give them an Access-Accept and some default attributes, i.e VLAN, to help them to reset their passwords.
Is this possible when doing PEAP-MSCHAPv2 or similar? (without having the plain text password)
We tried to return an Access-Accept when EAP fails but MS-MPPE-Send-Key and MS-MPPE-Recv-Key keys are not exchanged due the failure of the protocol so clients get disconnected.